Fallos del tipo CWE-79
26.052 resultadosCVE-2023-43770MEDIUMRoundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of EPSS 56.9%KEVCVE-2024-34716CRITICALPrestaShop vulnerable to XSS via customer contact form in FO, through file uploadEPSS 56.2%CVE-2023-40000HIGHWordPress LiteSpeed Cache plugin <= 5.7 - Unauthenticated Site Wide Stored XSS vulnerabilityEPSS 54.9%CVE-2025-44148CRITICALCross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx coEPSS 54.4%CVE-2023-41425MEDIUMCross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted scripEPSS 54.3%CVE-2022-1104—Popup Maker < 1.16.5 - Admin+ Stored Cross-Site ScriptingEPSS 53.9%CVE-2023-50231HIGHNETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Escalation VulnerabilityEPSS 53.3%CVE-2025-40598MEDIUMA Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker tEPSS 53.2%CVE-2023-41249MEDIUMIn JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build StepEPSS 53.1%CVE-2022-1178HIGHStored Cross Site Scripting in openemr/openemrEPSS 51.6%CVE-2022-1181HIGHStored Cross Site Scripting in openemr/openemrEPSS 51.5%CVE-2024-1451HIGHImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLabEPSS 51.5%CVE-2024-21726MEDIUM[20240205] - Core - Inadequate content filtering within the filter codeEPSS 48.8%CVE-2023-4547LOWSPA-Cart eCommerce CMS search cross site scriptingEPSS 48.5%CVE-2021-26829MEDIUMOpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.EPSS 48.0%KEVCVE-2011-0096MEDIUMThe MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 GoldEPSS 46.8%CVE-2022-39197MEDIUMAn XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTMEPSS 46.4%KEVCVE-2022-45938HIGHAn issue was discovered in Comcast Defined Technologies microeisbss through 2021. An attacker can inject a stored XSS payload in the Device EPSS 46.1%CVE-2023-0448MEDIUMThe WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected croEPSS 44.5%CVE-2024-43573MEDIUMWindows MSHTML Platform Spoofing VulnerabilityEPSS 44.4%KEV